212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 191:

    Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene. Which of the following elements he must consider while collecting physical evidence?

    A. Open ports, services, and operating system (OS) vulnerabilities
    B. DNS information including domain and subdomains Published
    C. name servers and web application source code Removable
    D. media, cable, and publications

  • Question 192:

    Which of the following risk mitigation strategies involves execution of controls to reduce the risk factor and brings it to an acceptable level or accepts the potential risk and continues operating the IT system?

    A. Risk assumption
    B. Risk avoidance
    C. Risk planning
    D. Risk transference

  • Question 193:

    Which of the following is NOT one of the techniques used to respond to insider threats:

    A. Placing malicious users in quarantine network, so that attack cannot be spread
    B. Preventing malicious users from accessing unclassified information
    C. Disabling the computer systems from network connection
    D. Blocking malicious user accounts

  • Question 194:

    Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.

    A. XSS attack
    B. Denial-of-service
    C. URL manipulation
    D. SQL injection

  • Question 195:

    If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?

    A. A7: Cross-site scripting
    B. A3: Sensitive- data exposure
    C. A2: Broken authentication
    D. A5: Broken access control

  • Question 196:

    Which of the following risk mitigation strategies involves the execution of controls to reduce the risk factor and bring it to an acceptable level, or accepts the potential risk and continues operating the IT system?

    A. Risk avoidance
    B. Risk assumption
    C. Risk transference
    D. Risk planning

  • Question 197:

    Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is analyzing the file systems, slack spaces, and metadata of the storage units to find hidden malware and evidence of malice. Identify the cloud security incident handled by Michael.

    A. Network-related incident
    B. Storage-related incident
    C. Application-related incident
    D. Server-related incident

  • Question 198:

    A user downloaded what appears to be genuine software. Unknown to her, when she installed the application, it executed code that provided an unauthorized remote attacker access to her computer. What type of malicious threat displays this characteristic?

    A. Backdoor
    B. Trojan
    C. Spyware
    D. Virus

  • Question 199:

    Which of the following is not called volatile data?

    A. Open sockets er open ports
    B. The dale a no Lime of the system
    C. Creation dates of files
    D. State of the network interface

  • Question 200:

    The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet logging is known as:

    A. Snort
    B. Wireshark
    C. Nessus
    D. SAINT

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.